Title An Early Warning and Alert System for Software Vulnerability Assessment
Translation of Title Išankstinio įspėjimo sistema programinės įrangos pažeidžiamumų įvertinimui.
Authors Mustafayev, Ramil
Pages 75
Keywords [eng] vulnerability ; assessment ; management systems ; early warning ; vulnerability identification
Abstract [eng] In the final master's thesis, an early warning and alert system (EWAS) for software vulnerability assessment was proposed and a prototype of the system was created. In particular, a theoretical study was carried out: relevant information was collected and analyzed, research opportunities were identified, and the most suitable algorithms for EWAS were chosen. Based on the analyzed information, a framework was prepared, which consists of the phases of data collection and parsing, vulnerability identification, early warning selection, and populating data for a web-based console. For the practical part, prototyping methodology and comparative and experimental study were chosen. Project results were evaluated using the OWASP benchmark scoring system and tested against functional requirements. The obtained results are summarized, and comments, insights and possible limitations are provided. The overall benchmark score of the prototype in the identification of vulnerabilities was 92%; the system detected 2270 vulnerabilities, 196 of which were false positives. Additionally, the system was able to identify 15 early warnings related to newly published vulnerabilities before the commercial products. Structure: introduction, related works analysis, proposed solution, experiments and evaluation of initial system, conclusions and references. The thesis consists of: 75 p. of text without appendixes, 37 pictures, 10 tables, 39 bibliographical entries.
Dissertation Institution Vilniaus Gedimino technikos universitetas.
Type Master thesis
Language English
Publication date 2020